Message ID | 20231019105552.3631582-4-mikko.rapeli@linaro.org |
---|---|
State | New |
Headers | show |
Series | RFC: detect CVEs from embedded mbedtls | expand |
diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.8.1-src.inc b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.8.1-src.inc index f7e202ad..8230acef 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.8.1-src.inc +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.8.1-src.inc @@ -28,7 +28,7 @@ SRCREV_tfm = "53aa78efef274b9e46e63b429078ae1863609728" # TF-Mv1.8.1 SRCBRANCH_tfm-tests ?= "master" SRCREV_tfm-tests = "1273c5bcd3d8ade60d51524797e0b22b6fd7eea1" -# mbedtls-3.4.1 +CVE_VERSION_mbed_tls = "3.4.1" SRCBRANCH_mbedtls ?= "master" SRCREV_mbedtls = "72718dd87e087215ce9155a826ee5a66cfbe9631" # mcuboot v1.10.0 diff --git a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc index 1747c654..a21f61df 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc +++ b/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc @@ -8,6 +8,8 @@ DESCRIPTION = "Trusted Firmware-M" HOMEPAGE = "https://git.trustedfirmware.org/trusted-firmware-m.git" PROVIDES = "virtual/trusted-firmware-m" +CVE_PRODUCT += "mbed_tls" + UPSTREAM_CHECK_GITTAGREGEX = "^TF-Mv(?P<pver>\d+(\.\d+)+)$" # Note to future readers of this recipe: until the CMakeLists don't abuse
Enables detecting CVEs in embedded mbedtls: WARNING: trusted-firmware-m-1.8.1-r0 do_cve_check: Found unpatched CVE (CVE-2023-43615 CVE-2023-45199) Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> --- .../trusted-firmware-m/trusted-firmware-m-1.8.1-src.inc | 2 +- meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-)